4chan has struck again. First there was the celebrity nude leak scandal Fappening, and now there is the Snappening. For a brief history, on August 31, 2014, a collection of private and nude pictures of almost 100 female celebrities was posted on the image sharing website 4chan.org. These were later shared by other users on websites and social networks such as Imgur, Reddit and Tumblr. The world got to see very intimate pictures of some of Hollywood’s largest stars. These included Jennifer Lawrence, Kate Upton, Nicki Minaj, Selena Gomez, Scarlett Johansson, Rihanna, Hilary Duff, and Demi Lovato, among others.

This time though, it’s not just nude photos from 100 celebrities. It is nude photos and videos from potentially hundreds of thousands of Snapchat accounts hacked by users of the same website. In what could possibly be one of the largest data breaches of online profiles, members from the website 4chan.org claim to have gained access to over two hundred thousand Snapchat accounts. They accomplished this by hacking the cloud service Snapsave. To put this into perspective, just imagine the celebrity nude scandal. Now replace iCloud with Snapsave and blow this up by hundreds of thousands of accounts. Now you have the Snappening.

UPDATE:

As an attempt to create awareness of the pitfalls of online security and the vulnerabilities of security in the cloud, I followed any thread on 4chan with the title “Snappening” and decided to take screenshots of the whole event as it unfolded. I then uploaded these screenshots to my blog, including the link that someone posted with almost 100,000 of the hacked images, after the service had been pulled down. I posted the article at 11:30 PM (23:30) PST with all the details, added some tweets to my bufferapp, then went to bed. When I awoke, things got heavy.

Because of the crushing amount of traffic to the website, this article was unavailable for part of the day. As a result I have removed the original screenshots I took of the folks over at 4chan and have instead provided links from news outlets that provide details about the event below.

6:00 PM (18:00) PST October 10, 2014

What a whirlwind adventure these last 24 hours have become. I awoke this morning to an explosion of emails, tweets and my website that had ground to a halt because of the sheer amount of traffic. After I went to bed, my article was picked up by Reddit, and then by Forbes and several other news media sites.

Originally there was a little confusion about the intentions of my blog; some people thought that I was the one posting the leaked Snapchat images on my website. Others thought that I had created an elaborate hoax to grab attention. Fortunately, Kashmir Hill from Forbes interviewed me over the phone and clarified the story. You can read her article here: http://www.forbes.com/sites/kashmir...t-hack-not-a-hoax-says-snappening-chronicler/

Unfortunately, it appears that this “Snappening” event will not be going away any time soon. I have since received emails from members of 4chan stating that it’s not over. They have told me that their original plan was, and continues to be, to take the leaked images and database that they hacked, and create a website where anyone will be able to search for their favorite snapchatter for nude pictures. They have set a temporary deadline of October 12, 2014.

The implications of this leak are very complicated, as some of the images will most likely be of underage teens. I wanted to point out that I have never been any part of this event, outside of simply providing an objective timeline of the events as they unfolded.

Tomorrow, I will be writing another article about security in the cloud, and best practices for mobile apps. Basic rule of thumb… If you don’t want a picture to be seen by anyone, DON’T UPLOAD IT to any cloud service, or use any app. They are simply not safe and can’t provide your privacy.

Thank you to everyone that has contacted me via Twitter and email. I appreciate all your support and comments.

The leak was apparently caused by SnapSaved.com (which has apparently been offline for several months; the link is to the developers’ Facebook page). SnapSaved was a Web-based client built for Snapchat that allowed users to access “snaps” from a Web browser. However, the service, which according to DNS records ran on a server at the hosting company HostGator, apparently kept all images received or sent by its users without their knowledge.

Snapchat's API was never open for developers to make third-party apps or services with, but apparently it had been leaked / reverse engineered before, and the devs were aware of this. Despite this, the Snapchat devs seemingly made no effort to re-secure their API or make changes so these third-party services could no longer work.